Separate user and auth providers, add config for rest user

changelog/unreleased/separate-auth-user-providers.md

@@ -0,0 +1,9 @@
+Enhancement: Separate user and auth providers, add config for rest user
+
+Previously, the auth and user provider services used to have the same driver,
+which restricted using separate drivers and configs for both. This PR separates
+the two and adds the config for the rest user driver and the gatewaysvc
+parameter to EOS fs.
+
+https://github.com/owncloud/ocis-reva/pull/412
+https://github.com/cs3org/reva/pull/995

go.mod

@@ -3,7 +3,7 @@ module github.com/owncloud/ocis-reva
 go 1.13
 
 require (
-	github.com/cs3org/reva v0.1.1-0.20200728071211-c948977dd3a0
+	github.com/cs3org/reva v0.1.1-0.20200729074826-0252a4b39385
 	github.com/gofrs/uuid v3.3.0+incompatible
 	github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect
 	github.com/micro/cli/v2 v2.1.1
@@ -17,6 +17,5 @@ require (
 	github.com/prometheus/procfs v0.0.8 // indirect
 	github.com/restic/calens v0.2.0
 	github.com/spf13/viper v1.6.1
-	github.com/uber/jaeger-client-go v2.20.1+incompatible // indirect
 	gopkg.in/ini.v1 v1.51.1 // indirect
 )

go.sum

@@ -145,10 +145,10 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSY
 github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/creack/pty v1.1.7/go.mod h1:lj5s0c3V2DBrqTV7llrYr5NG6My20zk30Fl46Y7DoTY=
 github.com/cs3org/cato v0.0.0-20200626150132-28a40e643719/go.mod h1:XJEZ3/EQuI3BXTp/6DUzFr850vlxq11I6satRtz0YQ4=
-github.com/cs3org/go-cs3apis v0.0.0-20200709064917-d96c5f2a42ad h1:XxB0h+UKILRKdr+WgPJaOfW8duVPeVKq/18aip5D/Ws=
-github.com/cs3org/go-cs3apis v0.0.0-20200709064917-d96c5f2a42ad/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
-github.com/cs3org/reva v0.1.1-0.20200728071211-c948977dd3a0 h1:v1+My73gml0FW0t8pokmbQ32QhJJyxiiJ8zHYL+g81I=
-github.com/cs3org/reva v0.1.1-0.20200728071211-c948977dd3a0/go.mod h1:hpkioVUPS+7USJq1cW1ikT22fxeMbVvHfonQVYcix4g=
+github.com/cs3org/go-cs3apis v0.0.0-20200728114537-4efa23660dbe h1:CQ/Grq7oVFqwiUg4VA/T+fl3JHZKEyo/RcTE7C23rW4=
+github.com/cs3org/go-cs3apis v0.0.0-20200728114537-4efa23660dbe/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
+github.com/cs3org/reva v0.1.1-0.20200729074826-0252a4b39385 h1:ZV9yj1AeLAkrU36JmeyK/s9xs5VhYsiUyjSYn7PCRME=
+github.com/cs3org/reva v0.1.1-0.20200729074826-0252a4b39385/go.mod h1:ZnRxYi5kSr4l24FmRBOeLWX5GKjUCrOreJuUX7E1bVw=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/decker502/dnspod-go v0.2.0/go.mod h1:qsurYu1FgxcDwfSwXJdLt4kRsBLZeosEb9uq4Sy+08g=

pkg/command/authbasic.go

@@ -88,10 +88,10 @@ func AuthBasic(cfg *config.Config) *cli.Command {
 						// TODO build services dynamically
 						"services": map[string]interface{}{
 							"authprovider": map[string]interface{}{
-								"auth_manager": cfg.Reva.Users.Driver,
+								"auth_manager": cfg.Reva.AuthProvider.Driver,
 								"auth_managers": map[string]interface{}{
 									"json": map[string]interface{}{
-										"users": cfg.Reva.Users.JSON,
+										"users": cfg.Reva.AuthProvider.JSON,
 									},
 									"ldap": map[string]interface{}{
 										"hostname":      cfg.Reva.LDAP.Hostname,

pkg/command/authbearer.go

@@ -91,9 +91,11 @@ func AuthBearer(cfg *config.Config) *cli.Command {
 								"auth_manager": "oidc",
 								"auth_managers": map[string]interface{}{
 									"oidc": map[string]interface{}{
-										"issuer":   cfg.Reva.OIDC.Issuer,
-										"insecure": cfg.Reva.OIDC.Insecure,
-										"id_claim": cfg.Reva.OIDC.IDClaim,
+										"issuer":    cfg.Reva.OIDC.Issuer,
+										"insecure":  cfg.Reva.OIDC.Insecure,
+										"id_claim":  cfg.Reva.OIDC.IDClaim,
+										"uid_claim": cfg.Reva.OIDC.UIDClaim,
+										"gid_claim": cfg.Reva.OIDC.GIDClaim,
 									},
 								},
 							},

pkg/command/storageeos.go

@@ -106,6 +106,7 @@ func StorageEOS(cfg *config.Config) *cli.Command {
 										"keytab":                 cfg.Reva.Storages.EOS.Keytab,
 										"single_username":        cfg.Reva.Storages.EOS.SingleUsername,
 										"user_layout":            cfg.Reva.Storages.EOS.Layout,
+										"gatewaysvc":             cfg.Reva.Gateway.URL,
 									},
 									"eoshome": map[string]interface{}{
 										"namespace":              cfg.Reva.Storages.EOS.Namespace,
@@ -124,6 +125,7 @@ func StorageEOS(cfg *config.Config) *cli.Command {
 										"keytab":                 cfg.Reva.Storages.EOS.Keytab,
 										"single_username":        cfg.Reva.Storages.EOS.SingleUsername,
 										"user_layout":            cfg.Reva.Storages.EOS.Layout,
+										"gatewaysvc":             cfg.Reva.Gateway.URL,
 									},
 								},
 								"mount_path":         cfg.Reva.StorageEOS.MountPath,

pkg/command/storageeosdata.go

@@ -108,6 +108,7 @@ func StorageEOSData(cfg *config.Config) *cli.Command {
 										"keytab":                 cfg.Reva.Storages.EOS.Keytab,
 										"single_username":        cfg.Reva.Storages.EOS.SingleUsername,
 										"user_layout":            cfg.Reva.Storages.EOS.Layout,
+										"gatewaysvc":             cfg.Reva.Gateway.URL,
 									},
 									"eoshome": map[string]interface{}{
 										"namespace":              cfg.Reva.Storages.EOS.Namespace,
@@ -126,6 +127,7 @@ func StorageEOSData(cfg *config.Config) *cli.Command {
 										"keytab":                 cfg.Reva.Storages.EOS.Keytab,
 										"single_username":        cfg.Reva.Storages.EOS.SingleUsername,
 										"user_layout":            cfg.Reva.Storages.EOS.Layout,
+										"gatewaysvc":             cfg.Reva.Gateway.URL,
 									},
 								},
 								"timeout":     86400,

pkg/command/storagehome.go

@@ -106,6 +106,7 @@ func StorageHome(cfg *config.Config) *cli.Command {
 										"keytab":                 cfg.Reva.Storages.EOS.Keytab,
 										"single_username":        cfg.Reva.Storages.EOS.SingleUsername,
 										"user_layout":            cfg.Reva.Storages.EOS.Layout,
+										"gatewaysvc":             cfg.Reva.Gateway.URL,
 									},
 									"eoshome": map[string]interface{}{
 										"namespace":              cfg.Reva.Storages.EOS.Namespace,
@@ -124,6 +125,7 @@ func StorageHome(cfg *config.Config) *cli.Command {
 										"keytab":                 cfg.Reva.Storages.EOS.Keytab,
 										"single_username":        cfg.Reva.Storages.EOS.SingleUsername,
 										"user_layout":            cfg.Reva.Storages.EOS.Layout,
+										"gatewaysvc":             cfg.Reva.Gateway.URL,
 									},
 									"local": map[string]interface{}{
 										"root": cfg.Reva.Storages.Local.Root,

pkg/command/storagehomedata.go

@@ -108,6 +108,7 @@ func StorageHomeData(cfg *config.Config) *cli.Command {
 										"keytab":                 cfg.Reva.Storages.EOS.Keytab,
 										"single_username":        cfg.Reva.Storages.EOS.SingleUsername,
 										"user_layout":            cfg.Reva.Storages.EOS.Layout,
+										"gatewaysvc":             cfg.Reva.Gateway.URL,
 									},
 									"eoshome": map[string]interface{}{
 										"namespace":              cfg.Reva.Storages.EOS.Namespace,
@@ -126,6 +127,7 @@ func StorageHomeData(cfg *config.Config) *cli.Command {
 										"keytab":                 cfg.Reva.Storages.EOS.Keytab,
 										"single_username":        cfg.Reva.Storages.EOS.SingleUsername,
 										"user_layout":            cfg.Reva.Storages.EOS.Layout,
+										"gatewaysvc":             cfg.Reva.Gateway.URL,
 									},
 									"local": map[string]interface{}{
 										"root": cfg.Reva.Storages.Local.Root,

pkg/command/storageoc.go

@@ -106,6 +106,7 @@ func StorageOC(cfg *config.Config) *cli.Command {
 										"keytab":                 cfg.Reva.Storages.EOS.Keytab,
 										"single_username":        cfg.Reva.Storages.EOS.SingleUsername,
 										"user_layout":            cfg.Reva.Storages.EOS.Layout,
+										"gatewaysvc":             cfg.Reva.Gateway.URL,
 									},
 									"eoshome": map[string]interface{}{
 										"namespace":              cfg.Reva.Storages.EOS.Namespace,
@@ -124,6 +125,7 @@ func StorageOC(cfg *config.Config) *cli.Command {
 										"keytab":                 cfg.Reva.Storages.EOS.Keytab,
 										"single_username":        cfg.Reva.Storages.EOS.SingleUsername,
 										"user_layout":            cfg.Reva.Storages.EOS.Layout,
+										"gatewaysvc":             cfg.Reva.Gateway.URL,
 									},
 									"local": map[string]interface{}{
 										"root": cfg.Reva.Storages.Local.Root,

pkg/command/storageocdata.go

@@ -108,6 +108,7 @@ func StorageOCData(cfg *config.Config) *cli.Command {
 										"keytab":                 cfg.Reva.Storages.EOS.Keytab,
 										"single_username":        cfg.Reva.Storages.EOS.SingleUsername,
 										"user_layout":            cfg.Reva.Storages.EOS.Layout,
+										"gatewaysvc":             cfg.Reva.Gateway.URL,
 									},
 									"eoshome": map[string]interface{}{
 										"namespace":              cfg.Reva.Storages.EOS.Namespace,
@@ -126,6 +127,7 @@ func StorageOCData(cfg *config.Config) *cli.Command {
 										"keytab":                 cfg.Reva.Storages.EOS.Keytab,
 										"single_username":        cfg.Reva.Storages.EOS.SingleUsername,
 										"user_layout":            cfg.Reva.Storages.EOS.Layout,
+										"gatewaysvc":             cfg.Reva.Gateway.URL,
 									},
 									"local": map[string]interface{}{
 										"root": cfg.Reva.Storages.Local.Root,

pkg/command/storageroot.go

@@ -106,6 +106,7 @@ func StorageRoot(cfg *config.Config) *cli.Command {
 										"keytab":                 cfg.Reva.Storages.EOS.Keytab,
 										"single_username":        cfg.Reva.Storages.EOS.SingleUsername,
 										"user_layout":            cfg.Reva.Storages.EOS.Layout,
+										"gatewaysvc":             cfg.Reva.Gateway.URL,
 									},
 									"eoshome": map[string]interface{}{
 										"namespace":              cfg.Reva.Storages.EOS.Namespace,
@@ -124,6 +125,7 @@ func StorageRoot(cfg *config.Config) *cli.Command {
 										"keytab":                 cfg.Reva.Storages.EOS.Keytab,
 										"single_username":        cfg.Reva.Storages.EOS.SingleUsername,
 										"user_layout":            cfg.Reva.Storages.EOS.Layout,
+										"gatewaysvc":             cfg.Reva.Gateway.URL,
 									},
 									"local": map[string]interface{}{
 										"root": cfg.Reva.Storages.Local.Root,

pkg/command/users.go

@@ -110,6 +110,18 @@ func Users(cfg *config.Config) *cli.Command {
 											"cn":          cfg.Reva.LDAP.Schema.CN,
 										},
 									},
+									"rest": map[string]interface{}{
+										"client_id":                    cfg.Reva.UserRest.ClientID,
+										"client_secret":                cfg.Reva.UserRest.ClientSecret,
+										"redis_address":                cfg.Reva.UserRest.RedisAddress,
+										"redis_username":               cfg.Reva.UserRest.RedisUsername,
+										"redis_password":               cfg.Reva.UserRest.RedisPassword,
+										"user_groups_cache_expiration": cfg.Reva.UserRest.UserGroupsCacheExpiration,
+										"id_provider":                  cfg.Reva.UserRest.IDProvider,
+										"api_base_url":                 cfg.Reva.UserRest.APIBaseURL,
+										"oidc_token_endpoint":          cfg.Reva.UserRest.OIDCTokenEndpoint,
+										"target_api":                   cfg.Reva.UserRest.TargetAPI,
+									},
 								},
 							},
 						},

pkg/config/config.go

@@ -199,6 +199,8 @@ type OIDC struct {
 	Issuer   string
 	Insecure bool
 	IDClaim  string
+	UIDClaim string
+	GIDClaim string
 }
 
 // LDAP defines the available ldap configuration.
@@ -216,6 +218,20 @@ type LDAP struct {
 	Schema       LDAPSchema
 }
 
+// UserRest defines the user REST driver specification.
+type UserRest struct {
+	ClientID                  string
+	ClientSecret              string
+	RedisAddress              string
+	RedisUsername             string
+	RedisPassword             string
+	UserGroupsCacheExpiration int
+	IDProvider                string
+	APIBaseURL                string
+	OIDCTokenEndpoint         string
+	TargetAPI                 string
+}
+
 // LDAPSchema defines the available ldap schema configuration.
 type LDAPSchema struct {
 	UID         string
@@ -238,13 +254,15 @@ type Reva struct {
 	TransferExpires int
 	OIDC            OIDC
 	LDAP            LDAP
+	UserRest        UserRest
 	OCDav           OCDav
 	Storages        StorageConfig
 	// Ports are used to configure which services to start on which port
 	Frontend          FrontendPort
 	DataGateway       Port
 	Gateway           Gateway
 	Users             Users
+	AuthProvider      Users
 	AuthBasic         Port
 	AuthBearer        Port
 	Sharing           Sharing

pkg/flagset/authbasic.go

@@ -82,21 +82,21 @@ func AuthBasicWithConfig(cfg *config.Config) []cli.Flag {
 			Destination: &cfg.Reva.JWTSecret,
 		},
 
-		// Users
+		// Auth
 
 		&cli.StringFlag{
-			Name:        "users-driver",
+			Name:        "auth-driver",
 			Value:       "ldap",
-			Usage:       "user driver: 'demo', 'json' or 'ldap'",
-			EnvVars:     []string{"REVA_USERS_DRIVER"},
-			Destination: &cfg.Reva.Users.Driver,
+			Usage:       "auth driver: 'demo', 'json' or 'ldap'",
+			EnvVars:     []string{"REVA_AUTH_DRIVER"},
+			Destination: &cfg.Reva.AuthProvider.Driver,
 		},
 		&cli.StringFlag{
-			Name:        "users-json",
+			Name:        "auth-json",
 			Value:       "",
 			Usage:       "Path to users.json file",
-			EnvVars:     []string{"REVA_USERS_JSON"},
-			Destination: &cfg.Reva.Users.JSON,
+			EnvVars:     []string{"REVA_AUTH_JSON"},
+			Destination: &cfg.Reva.AuthProvider.JSON,
 		},
 
 		// LDAP

pkg/flagset/authbearer.go

@@ -111,6 +111,20 @@ func AuthBearerWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"REVA_OIDC_ID_CLAIM"},
 			Destination: &cfg.Reva.OIDC.IDClaim,
 		},
+		&cli.StringFlag{
+			Name: "oidc-uid-claim",
+			Value:       "cern_uid",
+			Usage:       "OIDC uid claim",
+			EnvVars:     []string{"REVA_OIDC_UID_CLAIM"},
+			Destination: &cfg.Reva.OIDC.UIDClaim,
+		},
+		&cli.StringFlag{
+			Name: "oidc-gid-claim",
+			Value:       "cern_gid",
+			Usage:       "OIDC gid claim",
+			EnvVars:     []string{"REVA_OIDC_GID_CLAIM"},
+			Destination: &cfg.Reva.OIDC.GIDClaim,
+		},
 
 		// Services
 

pkg/flagset/storageeos.go

@@ -329,5 +329,15 @@ func StorageEOSWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"REVA_STORAGE_OWNCLOUD_LAYOUT"},
 			Destination: &cfg.Reva.Storages.OwnCloud.Layout,
 		},
+
+		// Gateway
+
+		&cli.StringFlag{
+			Name:        "gateway-url",
+			Value:       "localhost:9142",
+			Usage:       "URL to use for the reva gateway service",
+			EnvVars:     []string{"REVA_GATEWAY_URL"},
+			Destination: &cfg.Reva.Gateway.URL,
+		},
 	}
 }

pkg/flagset/storagehome.go

@@ -334,5 +334,15 @@ func StorageHomeWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"REVA_STORAGE_OWNCLOUD_LAYOUT"},
 			Destination: &cfg.Reva.Storages.OwnCloud.Layout,
 		},
+
+		// Gateway
+
+		&cli.StringFlag{
+			Name:        "gateway-url",
+			Value:       "localhost:9142",
+			Usage:       "URL to use for the reva gateway service",
+			EnvVars:     []string{"REVA_GATEWAY_URL"},
+			Destination: &cfg.Reva.Gateway.URL,
+		},
 	}
 }

pkg/flagset/storageoc.go

@@ -332,5 +332,15 @@ func StorageOCWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"REVA_STORAGE_OWNCLOUD_LAYOUT"},
 			Destination: &cfg.Reva.Storages.OwnCloud.Layout,
 		},
+
+		// Gateway
+
+		&cli.StringFlag{
+			Name:        "gateway-url",
+			Value:       "localhost:9142",
+			Usage:       "URL to use for the reva gateway service",
+			EnvVars:     []string{"REVA_GATEWAY_URL"},
+			Destination: &cfg.Reva.Gateway.URL,
+		},
 	}
 }

pkg/flagset/storageroot.go

@@ -316,5 +316,15 @@ func StorageRootWithConfig(cfg *config.Config) []cli.Flag {
 			EnvVars:     []string{"REVA_STORAGE_OWNCLOUD_LAYOUT"},
 			Destination: &cfg.Reva.Storages.OwnCloud.Layout,
 		},
+
+		// Gateway
+
+		&cli.StringFlag{
+			Name:        "gateway-url",
+			Value:       "localhost:9142",
+			Usage:       "URL to use for the reva gateway service",
+			EnvVars:     []string{"REVA_GATEWAY_URL"},
+			Destination: &cfg.Reva.Gateway.URL,
+		},
 	}
 }